New Malware Targets Jailbroken iPhones, iPads

Reddit users recently began discussing a new form of malware targeting jailbroken iOS devices, which the German security consultancy SektionEins is calling "Unflod Baby Panda" (h/t Sophos).

"Unflod" comes from the name of the file, but it's not clear where the name "Baby Panda" comes from.

"This malware appears to have Chinese origin and comes as a library called Unflod.dylib that hooks into all running processes of jailbroken iDevices and listens to outgoing SSL connections," SektionEins researchers write. "From these connections it tries to steal the device's Apple ID and corresponding password and sends them in plain text to servers with IP addresses in control of U.S. hosting companies for apparently Chinese customers."

The malware targets jailbroken devices -- the name Unflod may be an attempt to make it seem innocuous by resembling an actual Cydia jailbreak tweak called Unfold.

At this point, SektionEins reports, deleting the Unflod.dylib/framework.dylib binary and changing your password might be enough to recover from infection -- but the only way to be truly safe is to do a full restore of your iDevice, removing the jailbreak.